This Sinatra plugin supports the full CORS spec including automatic support for CORS preflight (OPTIONS) requests. It uses CORS security best practices. The plugin logs to the default logger to guide you in setting things up properly. It will tell you why a CORS request failed and tell you how to fix it.
https://rubygems.org/gems/sinatra-cors
The following is an example of how to create a CORS enabled route with some typical default configuration.
```ruby
require "sinatra"
require "sinatra/cors"

set :allow_origin, "http://example.com http://foo.com"
set :allow_methods, "GET,HEAD,POST"
set :allow_headers, "content-type,if-modified-since"
set :expose_headers, "location,link"

get "/foo" do
  "foo"
end
```
Or, for a modular-style application:
```ruby
require "sinatra"
require "sinatra/cors"

class Foo < Sinatra::Base
  register Sinatra::Cors

  set :allow_origin, "http://example.com http://foo.com"
  set :allow_methods, "GET,HEAD,POST"
  set :allow_headers, "content-type,if-modified-since"
  set :expose_headers, "location,link"

  get "/foo" do
    "foo"
  end
end
```
- allow_origin: A regex, or space-separated list of allowed origins, or an array of either of the previous two. (Example: "https://example.com")
- allow_methods: A comma-separated list of allowed methods. (Example: "GET,HEAD,POST")
- allow_headers: A comma-separated list of allowed request headers. (Example: "content-type,if-modified-since")
- max_age: The number of seconds you allow the client to cache a preflight response. (Example: "500")
- expose_headers: A comma-separated list of response headers the client will have access to. (Example: "location,link")
- allow_credentials: If true, it will allow actual requests to send things like cookies, HTTP authentication, and client-side SSL certificates. (Example: true)
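
Because `allow_origin` accepts a regex, it is worth checking a pattern against sample `Origin` values before deploying it. The following is an added example, not code from the plugin: `origin_allowed?` and `accepted` are hypothetical helpers that model the documented forms of `allow_origin`, on the assumption that a regex entry is tested with Ruby's unanchored `match?`; the sample origins are constructed.

```ruby
# Added example: a hypothetical helper, not sinatra-cors internals.
# It models the documented forms of allow_origin: a Regexp, a
# space-separated String, or an Array of either.
def origin_allowed?(origin, allow_origin)
  return false if origin.nil? || origin.empty?

  Array(allow_origin).any? do |entry|
    case entry
    when Regexp then entry.match?(origin) # assumption: unanchored match
    when String then entry.split(" ").include?(origin) # exact comparison
    else false
    end
  end
end

# Returns the subset of origins a given allow_origin value would accept.
def accepted(origins, allow_origin)
  origins.select { |o| origin_allowed?(o, allow_origin) }
end

# Unanchored, dots unescaped: matches anywhere in the Origin string.
LOOSE = %r{https://app.example.com}
# Anchored with \A and \z (in Ruby, ^ and $ only anchor to a line).
STRICT = %r{\Ahttps://(?:app|api)\.example\.com\z}
# The README's string form combined with a regex in one array.
MIXED = ["http://example.com http://foo.com", STRICT]

# Constructed Origin header values for the check.
SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://api.example.com",
  "https://app.example.com.other.test",
  "https://app-example.com",
  "http://foo.com",
]

{ "LOOSE" => LOOSE, "STRICT" => STRICT, "MIXED" => MIXED }.each do |name, value|
  puts "#{name}: #{accepted(SAMPLE_ORIGINS, value).inspect}"
end
```

The loose pattern accepts two origins that are not `app.example.com`, which matters most when `allow_credentials` is true.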